spyware file location question

  • Thread starter Thread starter Todd and Margo Chester
  • Start date Start date
T

Todd and Margo Chester

Hi All,

A few weeks back I did battle with Context Plus.
It really screwed up a clients laptop. And, yes, I
felt stupid when I found all I had to do was go to
add remove programs and remove it

While fighting it, I noticed that PC-cillin's
firewall kept prompting for access for a program
with no name ("C:\Program Files").

This week I noticed a customer with an obvious
piece of spyware having a similar PC-cillin
prompt to let out a program with only
a directory name and one of the directory names
had a question mark ("?") in it ("C:\Program
Files\Common Files\?dobe\...")

First, a program with no name; second a
program with no name and a directory with
a question mark in it.

Hmmmmm. Are these guys getting so cleaver
that they can run their garbage from deleted
areas of the hard drive? Anyone know what
is happening here? Is there a way to
defeat this, like destroying (overwriting) all
open space?

Many thanks
--Todd
 
My reply is at the bottom of your message :

Todd and Margo Chester said:
Hi All,

A few weeks back I did battle with Context Plus.
It really screwed up a clients laptop. And, yes, I
felt stupid when I found all I had to do was go to
add remove programs and remove it

While fighting it, I noticed that PC-cillin's
firewall kept prompting for access for a program
with no name ("C:\Program Files").

This week I noticed a customer with an obvious
piece of spyware having a similar PC-cillin
prompt to let out a program with only
a directory name and one of the directory names
had a question mark ("?") in it ("C:\Program
Files\Common Files\?dobe\...")

First, a program with no name; second a
program with no name and a directory with
a question mark in it.

Hmmmmm. Are these guys getting so cleaver
that they can run their garbage from deleted
areas of the hard drive? Anyone know what
is happening here? Is there a way to
defeat this, like destroying (overwriting) all
open space?

Many thanks
--Todd

Hello Todd!
Very unclear post ,first. You may want to redesign it and include more
information.
http://support.microsoft.com/kb/555375


You mention about client laptops but if you are computer professional you
should already know that spyware and any malware cannot be cleaned only with
just removig them with Add/Remove programs. Malware never remove all its
tracks and the malware program uninstaller always leaves nothing but the most
important part of the virus/spyware and mostly it is deeply hidden for most
users.

This week I noticed a customer with an obvious
piece of spyware having a similar PC-cillin
prompt to let out a program with only
a directory name and one of the directory names
had a question mark ("?") in it ("C:\Program
Files\Common Files\?dobe\...")

First, a program with no name; second a
program with no name and a directory with
a question mark in it.


Well , this is a question for Trend Micro not for Microsoft
newsgroups.Recommend your clients use Windows Firewall in Windows XP SP2 or
ZoneAlarm free for software firewall. Make them also buy a router with
encryption and built-in hardware firewall so they'll have another
protection.Make them use reputable and good products like Panda's products or
the very impressive Nod32 Anti-threat system.

A good idea would be if you encorage your clints read Microsoft Protect your
PC site
and learn more about malware
http://www.microsoft.com/protect



Panda_man
 
Panda_man said:
My reply is at the bottom of your message :



Hello Todd!
Very unclear post ,first. You may want to redesign it and include more
information.
http://support.microsoft.com/kb/555375


You mention about client laptops but if you are computer professional you
should already know that spyware and any malware cannot be cleaned only with
just removig them with Add/Remove programs. Malware never remove all its
tracks and the malware program uninstaller always leaves nothing but the most
important part of the virus/spyware and mostly it is deeply hidden for most
users.




Well , this is a question for Trend Micro not for Microsoft
newsgroups.Recommend your clients use Windows Firewall in Windows XP SP2 or
ZoneAlarm free for software firewall. Make them also buy a router with
encryption and built-in hardware firewall so they'll have another
protection.Make them use reputable and good products like Panda's products or
the very impressive Nod32 Anti-threat system.

A good idea would be if you encorage your clints read Microsoft Protect your
PC site
and learn more about malware
http://www.microsoft.com/protect



Panda_man

You did not answer the question that I asked. ("Are these guys
getting so cleaver that they can run their garbage from deleted
areas of the hard drive?").

When you answer a posting with what you surmise is the question,
without actually reading it, other potential responders do not
read the initial posting because they see that it has already
been answered. This makes it difficult to get a useful reply.

This is a common problem in microsoft.public.xx newsgroups.
It does not occur with any where near the frequency in the
Linux news groups: why? I have no idea.
 
Back
Top